ID

VAR-202206-0974


CVE

CVE-2022-31734


TITLE

Cross-site scripting vulnerability in Cisco Catalyst 2940 Series Switches

Trust: 0.8

sources: JVNDB: JVNDB-2022-000044

DESCRIPTION

Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation (CWE-79). An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY released in 2011, and Cisco Catalyst 2940 Series Switches have been retired since January 2015. This vulnerability was addressed in 12.2(50)SY, released in 2011 (Cisco bug ID: CSCek36997). In addition, the product reached End-of-Support in 2015. This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer.

Trust: 2.25

sources: NVD: CVE-2022-31734 // JVNDB: JVNDB-2022-000044 // CNVD: CNVD-2022-55665 // VULMON: CVE-2022-31734

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-55665

AFFECTED PRODUCTS

vendor: cisco, model: ws-c2940-8tt-s, scope: lt, version: 12.2\(50\)sy

Trust: 1.0

vendor: cisco, model: ws-c2940-8tf-s, scope: lt, version: 12.2\(50\)sy

Trust: 1.0

vendor: Cisco Systems, model: cisco catalyst 2940 series switch, scope: lt, version: cisco catalyst 2940 series switch 12.2(50)sy earlier firmware

Trust: 0.8

vendor: Cisco Systems, model: cisco catalyst 2940 series switch, scope: eq, version: -

Trust: 0.8

vendor: cisco, model: catalyst <12.2 sy, scope: eq, version: 2940

Trust: 0.6

sources: CNVD: CNVD-2022-55665 // JVNDB: JVNDB-2022-000044 // NVD: CVE-2022-31734

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-31734
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2022-000044
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-55665
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202206-1213
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-31734
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-31734
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

IPA: JVNDB-2022-000044
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2022-55665
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-31734
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

IPA: JVNDB-2022-000044
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-55665 // VULMON: CVE-2022-31734 // JVNDB: JVNDB-2022-000044 // CNNVD: CNNVD-202206-1213 // NVD: CVE-2022-31734

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [IPA evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-000044 // NVD: CVE-2022-31734

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1213

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202206-1213

PATCH

title: Cisco Catalyst 2940 series switch - Notice of end, url: https://www.cisco.com/c/ja_jp/obsolete/switches/cisco-catalyst-2940-series-switches.html

Trust: 0.8

sources: JVNDB: JVNDB-2022-000044

EXTERNAL IDS

db: NVD, id: CVE-2022-31734

Trust: 3.9

db: JVN, id: JVN94363766

Trust: 2.5

db: JVNDB, id: JVNDB-2022-000044

Trust: 1.4

db: CNVD, id: CNVD-2022-55665

Trust: 0.6

db: CS-HELP, id: SB2022061717

Trust: 0.6

db: CNNVD, id: CNNVD-202206-1213

Trust: 0.6

db: VULMON, id: CVE-2022-31734

Trust: 0.1

sources: CNVD: CNVD-2022-55665 // VULMON: CVE-2022-31734 // JVNDB: JVNDB-2022-000044 // CNNVD: CNNVD-202206-1213 // NVD: CVE-2022-31734

REFERENCES

url:https://jvn.jp/en/jp/jvn94363766/index.html

Trust: 1.7

url:https://www.cisco.com/c/en/us/obsolete/switches/cisco-catalyst-2940-series-switches.html

Trust: 1.7

url:https://vigilance.fr/vulnerability/cisco-catalyst-2940-cross-site-scripting-via-error-pages-38568

Trust: 1.2

url:https://jvn.jp/jp/jvn94363766/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-31734

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022061717

Trust: 0.6

url:https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-000044.html

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-31734/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-55665 // VULMON: CVE-2022-31734 // JVNDB: JVNDB-2022-000044 // CNNVD: CNNVD-202206-1213 // NVD: CVE-2022-31734

SOURCES

db: CNVD, id: CNVD-2022-55665
db: VULMON, id: CVE-2022-31734
db: JVNDB, id: JVNDB-2022-000044
db: CNNVD, id: CNNVD-202206-1213
db: NVD, id: CVE-2022-31734

LAST UPDATE DATE

2024-08-14T14:55:26.200000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-55665, date: 2022-08-08T00:00:00
db: VULMON, id: CVE-2022-31734, date: 2022-06-27T00:00:00
db: JVNDB, id: JVNDB-2022-000044, date: 2024-06-18T01:50:00
db: CNNVD, id: CNNVD-202206-1213, date: 2022-07-01T00:00:00
db: NVD, id: CVE-2022-31734, date: 2024-08-03T08:15:23.970

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-55665, date: 2022-08-08T00:00:00
db: VULMON, id: CVE-2022-31734, date: 2022-06-20T00:00:00
db: JVNDB, id: JVNDB-2022-000044, date: 2022-06-14T00:00:00
db: CNNVD, id: CNNVD-202206-1213, date: 2022-06-14T00:00:00
db: NVD, id: CVE-2022-31734, date: 2022-06-20T10:15:07.950